Disable Directory Browsing

Directory browsing is one of the most common security flaws in a WordPress site. By default, the webserver enables directory browsing. This means that all files and folders inside the root directory of the webserver are accessible by a visitor.

Configure wp-config.php

The WordPress architecture includes a file, wp-config.php, which contains key settings such as the database connection settings and error handling. This article will list some of the best practices to ensure that your wp-config.php is safely configured.

Check your HTTP status codes with httpstatus.io

httpstatus.io is a popular bulk HTTP status checker, redirect checker and header checker. You can use this tool to easily check HTTP status codes, status messages, response headers, and redirect chains returned by a server in response to a URL request by clients like a browser or search engine bot.

Disable wp-cron and configure server cron

WordPress has a built-in PHP function designed to replicate a cron service, which is activated whenever someone accesses the website. This is acceptable when only 1-2 people are accessing the site, but as the website usage scales up to dozens of users, this results in an exponential load on the server.